> On 08.01.2022 at 15:46, Nic Bernstein <[email protected]> wrote:
>
> On 1/8/22 08:34, Mikhail T. wrote:
>> On 08.01.22 09:12, Nic Bernstein wrote:
>>> You should be interested in the 'failedloginpause' setting, which defaults
>>> to 3 seconds.
>> I think, the request was for a progressively increasing pause -- doubling
>> for each subsequent failure from the same IP and/or same account...
>>
>> Is that currently possible?
>>
>
> Ah, yes; you're right. No, that's not currently possible with Cyrus itself.
> There used to be a setting for POP logins which did this, but I think that's
> gone away. Might be possible with a proxy, like Perdition, but I've not
> tried it.
> -nic

This doesn't really make much sense, because it could imply new DoS attack vectors, while most DDoS attacks use long time windows per try per source IP (they easily have access to many thousands of source IPs to use).

This is why fail2ban should be used very (!) carefully on IMAP/POP3 (and SMTP login). It's more important to avoid any "short" and somewhat dictionary-like passwords. Additionally, we avoid the very common practice of using email addresses one-to-one as usernames.

I know it may seem dangerous the first time you see such attacks, but they are quite frequent, at least at larger and/or older (longer established) hosts (I usually see it multiple times per month at some hosts which have been mail servers for >20 years now).

niels.
--
Niels Dettenbach
https://www.syndicat.com
https://www.syndicat.com/pub_key.asc
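The reply above notes that distributed guessing spreads its tries over many source IPs. As an added example that is not part of the original thread, the following counts failed logins per source IP and per account over constructed records, so the gap between a per-IP threshold and a per-account view is visible. The record format, the thresholds and the function names are assumptions made for illustration, not Cyrus's log format or fail2ban's configuration.

```python
import re
from collections import Counter, defaultdict

# Constructed sample: simplified failed-login records, NOT Cyrus's real log format.
# 40 different source IPs each try account "alice" once (distributed, slow),
# while a single IP fails 6 times against "bob" (the noisy single-source case).
SAMPLE = [f"badlogin ip=203.0.113.{i} user=alice" for i in range(1, 41)]
SAMPLE += ["badlogin ip=198.51.100.7 user=bob"] * 6

LINE = re.compile(r"badlogin ip=(?P<ip>\S+) user=(?P<user>\S+)")


def summarize(lines):
    """Return (failures per IP, failures per account, distinct IPs per account)."""
    per_ip, per_user, ips = Counter(), Counter(), defaultdict(set)
    for line in lines:
        m = LINE.search(line)
        if not m:
            continue  # ignore unrelated lines
        per_ip[m["ip"]] += 1
        per_user[m["user"]] += 1
        ips[m["user"]].add(m["ip"])
    return per_ip, per_user, {u: len(s) for u, s in ips.items()}


def per_ip_offenders(lines, max_per_ip=5):
    """Sources a per-IP rule (hypothetical threshold) would act on."""
    per_ip, _, _ = summarize(lines)
    return sorted(ip for ip, n in per_ip.items() if n > max_per_ip)


def distributed_targets(lines, min_failures=20, min_ips=10):
    """Accounts failing often from many sources; per-IP counting never sees these."""
    _, per_user, n_ips = summarize(lines)
    return sorted(u for u, n in per_user.items()
                  if n >= min_failures and n_ips[u] >= min_ips)


if __name__ == "__main__":
    print("per-IP rule flags:", per_ip_offenders(SAMPLE))
    print("accounts seeing distributed failures:", distributed_targets(SAMPLE))
```
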
